Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for autoprovisioning a user account based on detected attribute patterns comprising: retrieving a set of existing account information belonging to respective user accounts of a first set of users; performing pattern matching, by an attribute pattern discovery component, on the retrieved set of existing account information to discover attribute patterns in the retrieved set of existing account information, wherein a first pattern matching process extracts user attribute information in the retrieved set of existing account information and a second pattern matching process discovers at least a first attribute pattern within the extracted user attribute information and wherein the attribute pattern discovery component is a software module resident in a computer memory; generating an account template according to the first discovered attribute pattern; using the generated account template to create a new account on the first target for a first user, the first user not a member of the first set of users; and granting the first user access to the first target using the created new account.
This invention relates to a system for automatically provisioning user accounts based on detected patterns in existing account data. The problem addressed is the manual effort required to create user accounts with appropriate access permissions, particularly in environments where similar accounts are frequently needed. The solution involves analyzing existing account information to identify recurring attribute patterns, then using those patterns to generate new accounts for users who were not part of the original dataset. The method begins by retrieving account information from existing user accounts. An attribute pattern discovery component, implemented as a software module, performs two pattern matching processes. The first process extracts user attribute information from the retrieved data, while the second process identifies recurring patterns within those attributes. These patterns are used to generate an account template, which defines the structure and permissions of a new account. The template is then applied to create a new account for a user who was not part of the original dataset, granting them access to a target system or resource. This approach automates account provisioning by leveraging historical data, reducing administrative overhead and ensuring consistency in account configurations. The system is particularly useful in large organizations where similar access patterns are common across different user groups.
2. The method as recited in claim 1 , wherein generating an account template includes generating an expression for a respective account attribute, wherein the expression is evaluated at run time to provide an account value for the respective account attribute in the new account.
This invention relates to dynamic account generation in a computing system, addressing the challenge of efficiently creating and managing user accounts with customizable attributes. The method involves generating an account template that defines the structure and properties of new accounts. A key feature is the generation of expressions for each account attribute, where these expressions are evaluated at runtime to determine the account value for that attribute. This allows for flexible, context-aware account creation, where attribute values can be dynamically computed based on runtime conditions, user inputs, or system parameters. The expressions may incorporate variables, functions, or logical operations to derive attribute values, enabling personalized or adaptive account configurations. This approach reduces the need for static, predefined account templates and supports more flexible account management in systems requiring dynamic attribute assignment. The method ensures that account attributes are computed on-demand, improving scalability and adaptability in account provisioning workflows.
3. The method as recited in claim 2 , wherein the generated account template includes a set of dynamically generated expressions, and the method further comprises: presenting the account template to an administrative user; responsive to administrative user input, overriding one of the dynamically generated expressions with a statically defined input provided by the administrative user.
This invention relates to systems for generating and customizing account templates in a computing environment. The problem addressed is the need for flexible and adaptable account templates that can be dynamically generated while still allowing for manual customization by administrators. The method involves creating an account template that includes a set of dynamically generated expressions, which are typically derived from predefined rules or data sources. These expressions may represent default values, formulas, or other configurable elements for account settings. The template is then presented to an administrative user, who can review and modify it. If the administrator determines that a particular dynamically generated expression should be replaced, they can override it with a statically defined input. This input is manually provided by the user and remains fixed unless further changes are made. The method ensures that while the template generation process is automated, it remains adaptable to specific administrative requirements. This approach balances automation with manual control, allowing for efficient template creation while accommodating unique or exceptional cases that may not be covered by the dynamic generation rules. The invention is particularly useful in environments where account templates must be both scalable and customizable, such as in enterprise systems or cloud-based services.
4. The method as recited in claim 1 , further comprising: determining a set of attributes for the first target; selecting a rule from a set of rules for analyzing the retrieved set of existing account information according to the determined set of attributes; and using the selected rule in the analyzing.
This invention relates to systems for analyzing existing account information to identify potential matches with a target entity. The problem addressed is the need to efficiently and accurately compare a target entity against existing account records to determine if they represent the same entity, particularly in scenarios where direct identifiers like names or IDs may not match exactly. The solution involves dynamically selecting analysis rules based on the attributes of the target entity to improve matching accuracy. The method retrieves existing account information from a database and compares it to a first target entity. To enhance this comparison, the system determines a set of attributes for the target, such as demographic or behavioral characteristics. Based on these attributes, a specific rule is selected from a predefined set of rules. These rules define how the existing account information should be analyzed to determine if it matches the target. For example, one rule might prioritize certain attributes over others, while another might apply different thresholds for similarity. The selected rule is then applied to the analysis, ensuring that the comparison is tailored to the target's specific characteristics, thereby improving the likelihood of correctly identifying matches. This approach is particularly useful in fraud detection, customer relationship management, and identity verification systems where accurate entity resolution is critical.
5. The method as recited in claim 1 , further comprising: responsive to user input, using a user specified attribute input for a selected attribute value in the account template.
A system and method for managing account templates in a data processing environment addresses the challenge of efficiently creating and customizing user accounts with predefined attributes. The invention provides a structured approach to account creation by utilizing templates that define default attribute values, reducing manual configuration and ensuring consistency across multiple accounts. The method involves generating an account template with predefined attribute values, allowing users to select and apply this template to create new accounts. A key feature is the ability to modify specific attribute values within the template based on user input, enabling customization while maintaining the benefits of predefined configurations. This ensures that accounts are created quickly and accurately, with the flexibility to adjust individual attributes as needed. The system supports dynamic attribute selection, where users can specify values for selected attributes during the account creation process, enhancing adaptability to different use cases. The invention improves efficiency in account management by automating repetitive tasks while allowing for necessary customization, making it particularly useful in environments where multiple accounts with similar configurations are required.
6. The method as recited in claim 1 , wherein the set of existing account information is for a second target distinct from the first target.
A system and method for managing account information across multiple distinct targets involves retrieving and processing a set of existing account information associated with a second target, which is distinct from a first target. The method includes identifying and extracting relevant account data from the second target, which may include user credentials, permissions, or configuration settings. This data is then analyzed to determine compatibility or conflicts with the first target's environment. The system may perform transformations or mappings to ensure the account information is compatible with the first target's requirements. The method further includes validating the transformed data to confirm it meets security and operational standards before deployment. This approach allows for seamless migration or synchronization of account information between different systems, reducing manual effort and minimizing errors. The solution is particularly useful in environments where multiple distinct systems or platforms need to share or transfer account-related data while maintaining consistency and security. The method ensures that account information remains accurate and functional across different targets, improving efficiency in system administration and user management.
7. The method as recited in claim 1 , further comprising: filtering the existing account information for existing account information for user accounts corresponding to users with role or group information similar to the first user to produce a filtered set of existing account information; and analyzing the filtered set of existing account information to discover attribute patterns in the existing account information.
This invention relates to a method for analyzing user account information within a system to identify attribute patterns among users with similar roles or group affiliations. The method addresses the challenge of efficiently identifying relevant patterns in user account data, particularly in large-scale systems where manual analysis is impractical. The process begins by accessing existing account information for multiple user accounts within the system. This data includes attributes such as user roles, group memberships, permissions, and other relevant metadata. The method then filters this information to isolate accounts belonging to users with roles or group information similar to a first user, creating a filtered set of account data. This filtered set is then analyzed to discover attribute patterns, such as common permissions, access rights, or behavioral trends, among the similar users. The analysis may involve statistical methods, machine learning techniques, or rule-based approaches to identify meaningful correlations or deviations in the data. The discovered patterns can be used to optimize user account management, improve security policies, or enhance system performance by ensuring consistent and appropriate access controls. The method is particularly useful in enterprise environments where role-based access control (RBAC) or attribute-based access control (ABAC) systems are implemented, as it automates the detection of inconsistencies or inefficiencies in user account configurations.
8. The method as recited in claim 1 , wherein a plurality of attribute patterns is discovered for a respective account attribute and the method further comprises: determining that a first discovered attribute pattern of the plurality of account attribute patterns is common to a threshold number of existing account information; and selecting the first discovered attribute pattern for use for the creation of the account template.
The invention relates to a method for discovering and selecting attribute patterns in account data to create standardized account templates. The problem addressed is the variability in how account information is structured across different records, making it difficult to automate account creation or analysis. The method involves analyzing existing account data to identify recurring patterns in attribute values, such as names, addresses, or identifiers, for a specific account attribute. Multiple attribute patterns are discovered for each attribute, and the method evaluates these patterns to determine which are most common across a threshold number of existing records. The most common pattern is then selected as a template for new account creation, ensuring consistency and reducing errors. This approach improves data standardization by leveraging frequently occurring patterns in historical data, making it easier to process and validate new account information. The method may be applied in systems handling large volumes of account data, such as financial institutions, customer relationship management (CRM) systems, or identity verification services.
9. The method as recited in claim 1 , wherein the pattern matching includes using a respective set of rules to analyze the retrieved account information for a respective account attribute in the account template.
A system and method for analyzing account information using pattern matching techniques. The invention addresses the challenge of efficiently extracting and validating specific attributes from account data stored in various formats or systems. The method involves retrieving account information from a data source and comparing it against a predefined account template. The template includes structured fields representing desired account attributes, such as account numbers, names, or statuses. Pattern matching is applied to the retrieved data to identify and extract these attributes. The matching process uses a set of rules tailored to each attribute, allowing for flexible and accurate detection of relevant information. These rules may include regular expressions, keyword matching, or other pattern recognition techniques. The extracted attributes are then validated against the template to ensure consistency and completeness. This approach enables automated processing of account data, reducing manual effort and improving accuracy in financial, administrative, or customer management systems. The method supports integration with different data sources and adapts to varying data structures, making it suitable for diverse applications.
10. An apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising: program code operative to retrieve a set of existing account information belonging to respective user accounts of a first set of users; an attribute pattern discovery component to perform pattern matching on the retrieved set of existing account information to discover attribute patterns in the retrieved set of existing account information, wherein a first pattern matching process extracts user attribute information in the retrieved set of existing account information and a second pattern matching process discovers at least a first attribute pattern within the extracted user attribute information; program code operative to generate an account template according to the first discovered attribute pattern; program code operative to use the generated account template to create a new account on the first target for a first user, the first user not a member of the first set of users; and program code operative to grant the first user access to the first target using the created new account.
This invention relates to reducing risks associated with account recertification in access management systems. The problem addressed is the inefficiency and security vulnerabilities in manually managing user access entitlements, particularly when onboarding new users or recertifying existing accounts. The solution involves automating the creation of new accounts based on discovered patterns in existing account configurations to ensure consistency and reduce administrative overhead. The apparatus includes a processor and computer memory storing instructions for retrieving existing account information from a set of user accounts. A pattern discovery component analyzes this data to identify recurring attribute patterns, such as role assignments, permissions, or other access entitlements. The system extracts user attributes and applies pattern matching to uncover these patterns. Once a pattern is identified, an account template is generated based on the discovered pattern. This template is then used to create a new account for a user not previously part of the analyzed set, ensuring the new account adheres to the established pattern. The new user is granted access to a target system using this pre-configured account, reducing the risk of misconfigurations or unauthorized access during the recertification process. The approach minimizes manual intervention, enhances security, and ensures compliance with access policies.
11. The apparatus as recited in claim 10 wherein the program code operative to generate an account template includes code for generating an expression for a respective account attribute, wherein the expression is evaluated at run time to provide an account value for the respective account attribute in the new account.
This invention relates to a system for dynamically generating account templates in a computing environment. The problem addressed is the need for flexible and efficient account creation, where account attributes are not statically defined but instead evaluated at runtime based on dynamic expressions. The apparatus includes a processor and memory storing program code for generating an account template. The template includes expressions for account attributes, which are evaluated during runtime to determine the actual values for those attributes in newly created accounts. This allows for dynamic customization of account attributes without requiring predefined static values. The system also includes program code for receiving user input to define the expressions, which can incorporate variables, functions, or other runtime-evaluated logic. The expressions may reference external data sources or system states to compute attribute values dynamically. This approach enables adaptive account configurations that respond to changing conditions or requirements, improving flexibility and reducing the need for manual updates. The invention is particularly useful in environments where account attributes must be tailored to specific contexts or user roles, such as financial systems, user management platforms, or access control systems.
12. The apparatus as recited in claim 11 , wherein the generated account template includes a set of dynamically generated expressions, and the apparatus further comprises: program code operative to present the account template to an administrative user; program code operative to use administrative user input to override one of the dynamically generated expressions with a statically defined input provided by the administrative user.
This invention relates to systems for generating and customizing account templates in a computing environment. The problem addressed is the need for flexible and adaptable account templates that can be dynamically generated while still allowing for manual customization by administrative users. The apparatus includes a system for creating account templates with dynamically generated expressions, which are placeholders or variables that can be automatically filled with data based on predefined rules or algorithms. These expressions allow for automated generation of account templates tailored to specific requirements. The system further includes functionality to present the generated template to an administrative user, who can then override any of the dynamically generated expressions with statically defined inputs. This static input is provided directly by the administrative user, allowing for manual adjustments to the template as needed. The combination of dynamic generation and manual override ensures that the templates are both automated and customizable, providing a balance between efficiency and flexibility in account management.
13. The apparatus as recited in claim 10 , further comprising: program code operative to determine a set of attributes for the first target; program code operative to select a rule from a set of rules for analyzing the retrieved set of existing account information according to the determined set of attributes; and program code operative to use the selected rule in the analyzing.
This invention relates to systems for analyzing account information to determine attributes of a target entity and applying rules to assess the relevance of existing account data based on those attributes. The problem addressed is the need for automated, attribute-driven analysis of account information to improve decision-making processes, such as fraud detection, risk assessment, or customer profiling. The apparatus includes a processor and memory storing program code. The program code is configured to retrieve a set of existing account information associated with a first target, such as a user or entity. It then determines a set of attributes for the first target, which may include demographic, behavioral, or transactional characteristics. Based on these attributes, the system selects a specific rule from a predefined set of rules. These rules define how the retrieved account information should be analyzed, such as filtering, scoring, or categorizing the data. The selected rule is then applied to the account information to generate insights or decisions. The apparatus may also include additional program code to perform other functions, such as storing the analyzed data, generating reports, or triggering actions based on the analysis results. The system ensures that the analysis is tailored to the target's attributes, improving accuracy and efficiency in processing account information. This approach is particularly useful in financial services, cybersecurity, or compliance applications where contextual analysis of account data is critical.
14. The apparatus recited in claim 10 , further comprising: program code operative to filter the existing account information for existing account information for user accounts corresponding to users with role or group information similar to the first user to produce a filtered set of existing account information; and program code operative to pattern match the filtered set of existing account information to discover attribute patterns in the existing account information.
This invention relates to a system for analyzing and utilizing existing account information to improve user account management, particularly in environments where role-based or group-based access control is used. The problem addressed is the difficulty in efficiently identifying relevant patterns in existing user account data to assist in configuring new or modified accounts. The apparatus includes a data processing system that retrieves existing account information from a database. The system filters this information to focus on accounts belonging to users with roles or group memberships similar to a first user, creating a filtered set of relevant account data. The system then applies pattern matching techniques to this filtered set to identify recurring attribute patterns in the account configurations. These patterns may include common permissions, access levels, or other attribute settings that are frequently associated with similar roles or groups. By analyzing these patterns, the system can provide recommendations or automated configurations for new accounts, reducing manual setup time and ensuring consistency across similar user roles. The pattern matching may involve statistical analysis, machine learning, or rule-based methods to detect meaningful correlations in the account data. This approach helps organizations maintain security and efficiency in user account management by leveraging historical data to inform current configurations.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, to reduce risk associated with recertification of an account having an access entitlement, the computer program instructions comprising: program code operative to retrieve a set of existing account information belonging to respective user accounts of a first set of users; an attribute pattern discovery component to perform pattern matching on the retrieved set of existing account information to discover attribute patterns in the retrieved set of existing account information, wherein a first pattern matching process extracts user attribute information in the retrieved set of existing account information and a second pattern matching process discovers at least a first attribute pattern within the extracted user attribute information; program code operative to generate an account template according to the first discovered attribute pattern; program code operative to use the generated account template to create a new account on the first target for a first user, the first user not a member of the first set of users; and program code operative to grant the first user access to the first target using the created new account.
This invention relates to reducing risk in account recertification by automating the creation of standardized account templates based on discovered attribute patterns. The problem addressed is the inefficiency and security risks associated with manual account provisioning and recertification, which can lead to inconsistent access entitlements and unauthorized access. The system retrieves existing account information from a set of user accounts, then applies pattern matching to identify recurring attribute patterns within the data. A first pattern matching process extracts user attribute information, while a second process discovers specific attribute patterns within that data. These patterns are used to generate standardized account templates, which ensure consistency in account configurations. The system then uses these templates to create new accounts for users who were not part of the original set, ensuring that the new accounts adhere to the same attribute patterns as existing accounts. This approach reduces the risk of misconfigured accounts and unauthorized access by enforcing standardized access entitlements. The solution is implemented as a computer program product stored on a non-transitory medium, designed to execute on a data processing system.
16. The computer program product as recited in claim 15 wherein the program code operative to generate an account template includes generating an expression for a respective account attribute, wherein the expression is evaluated at run time to provide an account value for the respective account attribute in the new account.
This invention relates to a computer program product for managing account templates in a system where account attributes are dynamically evaluated at runtime. The problem addressed is the inflexibility of static account configurations, which require manual updates when attribute values change. The solution involves generating account templates with expressions for account attributes, where these expressions are evaluated during runtime to produce dynamic account values. This allows for real-time adjustments without modifying the template itself, improving adaptability and reducing maintenance overhead. The system includes program code to define account templates with configurable expressions for each attribute, ensuring that the generated accounts reflect the latest evaluated values. The expressions can incorporate variables, functions, or external data sources, enabling complex and context-aware attribute calculations. This approach is particularly useful in environments where account configurations must adapt to changing conditions, such as user roles, system states, or external inputs. The invention enhances automation and reduces the need for manual intervention in account management processes.
17. The computer program product as recited in claim 16 , wherein the generated account template includes a set of dynamically generated expressions, and the computer program product further comprises: program code operative to present the account template to an administrative user; program code operative to use administrative user input to override one of the dynamically generated expressions with a statically defined input provided by the administrative user.
This invention relates to a computer program product for managing account templates in a system, addressing the challenge of balancing automated template generation with user customization. The system generates account templates containing dynamically created expressions, which are placeholders or rules for account attributes. These templates are presented to an administrative user, who can override any dynamically generated expression with a statically defined input, such as a fixed value or predefined rule. This allows the system to automate template creation while enabling manual adjustments for specific requirements. The dynamic expressions may include variables, conditional logic, or other programmable elements, while the static overrides provide direct control over certain fields. The invention ensures flexibility in account management by combining automated generation with user-defined customization, improving efficiency and adaptability in system administration.
18. The computer program product as recited in claim 15 , further comprising: program code operative to determine a set of attributes for the first target; program code operative to select a rule from a set of rules for pattern matching the retrieved set of existing account information according to the determined set of attributes; and program code operative to use the selected rule in the pattern matching.
This invention relates to computer program products for matching and processing account information. The system retrieves existing account information from a database and analyzes it to identify patterns. The program includes code to determine a set of attributes for a target entity, such as a user or account. Based on these attributes, it selects a specific rule from a predefined set of rules designed for pattern matching. The selected rule is then applied to the retrieved account information to identify relevant patterns or matches. This process helps automate the comparison of account data against predefined criteria, improving accuracy and efficiency in tasks like fraud detection, customer matching, or data validation. The system dynamically adapts its matching approach by choosing the most appropriate rule for the given attributes, ensuring flexibility in handling different types of account information. The overall goal is to enhance the reliability and precision of pattern recognition in account-related data processing.
19. The computer program product recited in claim 15 , further comprising: program code operative to filter the existing account information for existing account information for user accounts corresponding to users with role or group information similar to the first user to produce a filtered set of existing account information; and program code operative to pattern match the filtered set of existing account information to discover attribute patterns in the existing account information.
This invention relates to a computer program product for analyzing and processing user account information to identify attribute patterns, particularly in systems where user roles or group memberships are relevant. The problem addressed is the need to efficiently extract meaningful patterns from large datasets of user account information, especially when filtering for users with similar roles or group affiliations to a target user. The program product includes code to filter existing account information based on role or group similarity to a first user, producing a filtered set of relevant account data. This filtering step ensures that only accounts with comparable roles or group memberships are considered, improving the relevance of subsequent analysis. The filtered data is then subjected to pattern matching techniques to identify recurring attribute patterns within the dataset. These patterns may include common configurations, permissions, or other attributes shared among users with similar roles or groups. The invention enhances the ability to analyze user account data by focusing on relevant subsets of information, reducing noise, and improving the accuracy of pattern discovery. This can be applied in various contexts, such as access control management, user provisioning, or compliance auditing, where understanding role-based or group-based attribute patterns is valuable. The program product operates on existing account information, leveraging pre-existing data to derive insights without requiring additional user input or external data sources.
20. The computer program product as recited in claim 15 , wherein the set of existing accounts are for a second target distinct from the first target.
This invention relates to a computer program product for managing and analyzing account data across multiple targets. The system identifies a set of existing accounts associated with a first target, such as a user, device, or organization, and determines a set of attributes for those accounts. The system then generates a similarity score for each account based on the attributes, where the score indicates how closely the account matches a predefined profile or criteria. The system further filters the accounts based on the similarity scores to produce a refined set of accounts. The refined set is then used to perform an action, such as authentication, authorization, or access control, for the first target. Additionally, the system can also process a second set of existing accounts associated with a second target, distinct from the first target. This allows the system to compare or correlate accounts across different targets, enabling cross-target analysis. The system may apply the same or different attribute-based filtering and scoring mechanisms to the second set of accounts. The results can be used for various purposes, including security monitoring, fraud detection, or user behavior analysis. The invention improves account management by providing a structured, attribute-driven approach to evaluating and refining account data across multiple targets.
Unknown
August 27, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.